Data protection and Coronavirus - What you need to know

Coronavirus and its spread across borders is a concern for employers and employees. While employers will be concerned to ensure their business’ continuity and the safety and health of their employees, measures intended to ensure a safe working environment can increase processing of employee personal data. In its latest blogs and articles, the ICO (Information Commissioner’s Office) gives helpful guidance about the processing of personal data during the COVID-19 virus pandemic.     

The ICO acknowledges the need for public bodies and health practitioners to be able to communicate directly with people when dealing with the spread of the COVID-19 virus. The Government, the NHS, health professionals and other organisations may send public health messages to people, either by phone, text or email. Such messages are not seen as direct marketing and do not need consent from individuals. 

Employers and organisations have an obligation to protect their staff and in some cases it would be reasonable for them to ask employees and visitors about details that may be considered sensitive, including health conditions, coronavirus symptoms and recent travel. However, employers and organisations should be careful not to ask for any unnecessary information. Employers could ask visitors to consider government advice before they decide to come. And you could advise staff to call 111 if they are experiencing symptoms or have visited particular countries. This approach should minimise the information, including sensitive information, you need to collect. If that’s not enough and you still need to collect specific health data, do not collect more than you need and ensure that there are safeguards in place to protect that information. 

If an employer learns about an employee becoming ill with coronavirus, it might need to tell the employee’s colleagues due to an obligation to ensure the health and safety of the employees but that does not mean that the name of the affected employee or any other unnecessary information should be disclosed. If we don’t meet our usual standard or response to information right requests, will the ICO take regulatory action against us? As the organisations are diverting their resources to help immediate challenges in connection with the Covid-19 pandemic, it may take longer to process any subject access requests (SAR) or Freedom of Information requests in case of a public body. The ICO understands that resources may be diverted away from the usual compliance and governance work and organisations will not be penalised where they need to prioritise other areas. Statutory timescales, for example for dealing with subject access requests (SAR), cannot be extended but the ICO recognises that there may be understandable delays when making information rights requests during the pandemic. 

If it is necessary for your organisation to share information with authorities about specific individuals the data protection law won’t stop you from doing so.

With more homeworking think about having security measures in place that you would normally have for homeworking. Data controllers might need to share information quickly or adapt the way they work. Data protection rules will not stop you doing that. Data protection compliance is about being proportionate – if an action feels excessive from the public’s point of view, then it probably is. 

For more specialist data protection legal advice on your specific situation, our lawyers are always on hand to help, and our low-cost, fixed price means that you will never need to worry about an unexpected bill. Call us today for more information about how we could save you time and money on 020 3808 8314 or submit your enquiry here.   The author of this article is Alla Fairborther. Alla Fairbrother is an experienced and effective solicitor with clear business focus and many years of legal expertise supporting businesses of various sizes and industries.

Alla has provided legal support to businesses on various areas of law and has broad UK based international experience in all types of legal matters concerning a particular business, with more in-depth experience in commercial / business law, including: Reviewing, drafting and negotiating a broad range of commercial contracts, Confidentiality agreements, NDAs and CDAs, Supply of goods and / or services contracts, Purchase agreements, both direct and indirect, Distributor and dealer agreements, Supply, installation, commissioning and some construction contracts, Franchise agreements, Research, development and student sponsorship agreements. 

Keep up to date with the latest UK government guidance for businesses and employees at https://www.gov.uk/government/news/coronavirus-covid-19-guidance-for-employees-employers-and-businesses Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.